Search criteria
3 vulnerabilities found for deebot_x1e_omni_firmware by ecovacs
FKIE_CVE-2024-52330
Vulnerability from fkie_nvd - Published: 2025-01-23 17:15 - Updated: 2025-09-23 17:48
Severity ?
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
References
| URL | Tags | ||
|---|---|---|---|
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf | Exploit, Third Party Advisory | |
| 9119a7d8-5eab-497f-8521-727c672e3725 | https://www.ecovacs.com/global/userhelp/dsa20241217001 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x2_omni_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBAD9FC-1343-4D07-99E6-9E7C3D77C694",
"versionEndExcluding": "1.76.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x2_omni:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD94283-0BC1-4C7C-A5F3-9D57E44B4C64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x2_combo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF98AFD-C399-4AB8-A637-29561F39F134",
"versionEndExcluding": "1.81.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x2_combo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C12633C-1BD2-4BF6-BF11-FC05221B93EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969D4A03-B499-4218-BF07-22E51654AA6C",
"versionEndExcluding": "1.49.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA1D51-EE29-4252-A739-1F1D4A3F428D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x5_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B819C9B-F143-4A63-825C-B1DF1DCB16B7",
"versionEndExcluding": "1.70.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x5_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB781B-CB28-4229-A74D-8CDD325EFAC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x5_pro_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F61F40B-6031-4C32-9571-B92C3377EFB2",
"versionEndExcluding": "1.38.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x5_pro_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE49BE7-59E8-4447-B78B-4FEDF4F773CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x5_pro_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4821F3-3B7D-4035-980F-C11713C5D424",
"versionEndExcluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x5_pro_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8504979A-A4F0-4A03-8816-E9AB3BD6F40B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:mate_x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4EC5E7-04E3-497C-ACD9-2479C48A2FC4",
"versionEndExcluding": "1.44.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:mate_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "706F2C75-0E75-487B-BA24-EB824E6BC16B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F75A470-5B86-41C6-86E2-232656AF68F9",
"versionEndExcluding": "2.4.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91E23E30-45BE-4142-8E9C-032282F3B6A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F868AC3-7B87-44E5-A7B0-F2C85DCA7E7C",
"versionEndExcluding": "2.4.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65F69609-1D21-461A-9457-A745194759CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B044584-55B4-4E88-99C9-9A48D9B4E908",
"versionEndExcluding": "2.4.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*",
"matchCriteriaId": "003B54E0-B2FF-485A-9A55-925609EE8DF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE87B2E-A1B1-438E-9482-E8466647050B",
"versionEndExcluding": "1.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC2AA81-5895-43EE-8B34-D8074DDD301F",
"versionEndExcluding": "1.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5586D60-D87F-45A1-8619-F6CC12AD9731",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "849A58E5-2700-49F4-BF60-C35E97689AE1",
"versionEndExcluding": "2.5.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7526B614-1962-490C-8972-2A275A471A86",
"versionEndExcluding": "1.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4612A790-C3CC-40AA-8E31-2C2918C6AB6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x1e_omni_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C721A5-53B6-4B15-A76C-481EF4C45147",
"versionEndExcluding": "2.4.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x1e_omni:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16705AA3-4CAE-4BF5-8084-6A6CB30A1E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "454C233D-82D5-4B99-AC3A-94B1CF23F078",
"versionEndExcluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEFE0B-99F7-49DF-96E3-69B6FC1EF262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E44970-1ADF-4170-A09A-F64F02E27C64",
"versionEndExcluding": "1.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBAA124-1B4C-4E75-80E1-A747AC9183E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA98740-BA9B-4479-B92F-F76B1234D2FE",
"versionEndExcluding": "1.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B843C490-26E9-4D03-8BCB-DBC462833D12",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11395F70-87C2-41DD-9D9A-CFA8D0512ECE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ecovacs:deebot_x2_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F737D6-74BD-47F8-88B7-045E8B280E46",
"versionEndExcluding": "1.76.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ecovacs:deebot_x2_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C98FE3FD-E432-4DD7-AF87-6FBA4C4ABC45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
},
{
"lang": "es",
"value": "Las cortadoras de c\u00e9sped y las aspiradoras ECOVACS no validan correctamente los certificados TLS. Un atacante no autenticado puede leer o modificar el tr\u00e1fico TLS, posiblemente modificando las actualizaciones de firmware."
}
],
"id": "CVE-2024-52330",
"lastModified": "2025-09-23T17:48:33.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
},
"published": "2025-01-23T17:15:14.427",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
}
CVE-2024-52330 (GCVE-0-2024-52330)
Vulnerability from cvelistv5 – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI?
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ECOVACS | DEEBOT X5 PRO PLUS |
Unaffected:
1.38.0
Affected: 0 , < 1.38.0 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:31.855219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.38.0"
},
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.70.0"
},
{
"lessThan": "1.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2S",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.49.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.49.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.5.31"
},
{
"lessThan": "2.5.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1e OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.42"
},
{
"lessThan": "2.4.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.5"
},
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.9.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO ULTRA",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.17.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mate X",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.44.18"
},
{
"lessThan": "1.44.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 COMBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.81.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.81.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PRO OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.41"
},
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.23.0"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.10.0"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.7.5"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
},
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:50.128Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52330",
"datePublished": "2025-01-23T16:36:50.128Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:28.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52330 (GCVE-0-2024-52330)
Vulnerability from nvd – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI?
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ECOVACS | DEEBOT X5 PRO PLUS |
Unaffected:
1.38.0
Affected: 0 , < 1.38.0 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:31.855219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.38.0"
},
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.70.0"
},
{
"lessThan": "1.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2S",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.49.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.49.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.5.31"
},
{
"lessThan": "2.5.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1e OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.42"
},
{
"lessThan": "2.4.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.5"
},
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.9.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO ULTRA",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.17.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mate X",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.44.18"
},
{
"lessThan": "1.44.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 COMBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.81.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.81.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PRO OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.41"
},
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.23.0"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.10.0"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.7.5"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
},
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:50.128Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52330",
"datePublished": "2025-01-23T16:36:50.128Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:28.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}